Categories

Archives

How to secure wifi-router

Nowadays almost in all appartments there is at least one wireless router or modem. Everybody wants to buy such equipment but not everyone knows how to secure the router properly. Read our tips about router protection and security.

Why router security is important? Risks of unprotected router

The hackers can gain access to your files, passwords, banking and even observe you over your webcam of surveillance cameras.

All devices connected to the router can be directed to malicious site or show fraudulent page.

Neighbours can leech off your connection.

How to secure wireless router, modem or access point

Change the default password for web-interface

This is very important. Default logins and passwords are commonly known by everybody. So any person can try to log into the web interface of your device at any time.

Change the password to strong. Do not use your birth date, phone number, etc.

If possible, change the login as well.

Disable remote access

If you need to have remote management possibility enabled, change the port number to non-standard and specify an IP address to allow connections from.

Disable WPS or QSS

WPS stands for Wi-Fi Protected Setup. In TP-Link equipment it is called QSS (Quick Security Setup). The feature is designed to facilitate configuration of the router but it is vulnerable and allows to hack the wireless network. Disable this function.

Use WPA2-PSK security for Wi-Fi with strong security key

1. Select WPA2-PSK security mode.

2. Secelt AES (AES-CCMP) cipher type for better performance.

3. Specify a strong security key for your wireless network. 10 symbols is a good solution:

Disable Guest networks

Guest network feature is available in modern routers. They are designed to provide internet for guests of your office while the staff is using another corporate network. But this feature can reduce privacy. So it is recommended to turn it off.

Disable UPnP

Some router models have bad UPnP implementation (read more). So it is recommended that you disable UPnP:

Extra security measures for router protection

In most cases it is enough to fulfill the basic protection steps from the previous paragraph. Apply the extra measures if you believe that somebody tried to hack your router or if you have an extra private information on your home network.

Use non-default IP address range without DHCP

1. Give a non-standard LAN IP to router. E.g. 192.168.49.192

2. Turn off DHCP

Manually specify a unique IP address from the pool to every device on a network.

Setup a MAC address filter using white list mode

This means you create a list of MAC addresses and allow only these devices access the Internet:

Disable SSID broadcast

Make your network invisible by turning off the SSID broadcast. The client will have to enter not only security key but input the correct SSID as well to connect to your wi-fi: